Security News

2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries and drivers, as they can affect multiple products and effectively offer more possibilities for attack. Another interesting conclusion from Google's recent rundown of the 97 zero-days exploited in-the-wild in 2023 is that there's a notable increase in targeting enterprise-specific technologies.

Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. Google fixed the two zero-days in the Google Chrome stable channel, version 123.0.6312.86/.87 for Windows and Mac and 123.0.6312.86 for Linux users, which will roll out worldwide over the coming days.

Zero-day exploits targeting enterprise-specific software and appliances are now outpacing zero-day bugs overall, according to Google's threat hunting teams. While 61 of the 97 zero-days affected end-user products last year, this number isn't increasing as rapidly as its enterprise counterparts.

Google's Threat Analysis Group and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients. Among these, the FIN11 threat group exploited three separate zero-day vulnerabilities, while at least four ransomware groups exploited another four zero-days.

Users may have to upgrade twice to protect their browsers Mozilla has swiftly patched a pair of critical Firefox zero-days after a researcher debuted them at a Vancouver cybersec competition.…

Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. Mozilla fixed the security flaws in Firefox 124.0.1 and Firefox ESR 115.9.1 to block potential remote code execution attacks targeting unpatched web browsers on desktop devices.

Pwn2Own Vancouver 2024 has ended with security researchers collecting $1,132,500 after demoing 29 zero-days. Vendors have 90 days to release security fixes for zero-day vulnerabilities reported during Pwn2Own contests before TrendMicro's Zero Day Initiative discloses them publicly.

A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. “During this campaign, users...

AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide. At the end of February, AnyCubic printer users began reporting that their Kobra 3D printers were hacked with a print job that warned their devices were vulnerable to a critical vulnerability.

Apple's latest security patches address four vulnerabilities affecting iOS and iPadOS, including two zero-days that intel suggests attackers have already exploited. Affecting RTKit, Apple's real-time operating system that runs on various devices like AirPods, Apple Watch, and more, its description closely mirrors that of CVE-2024-23225.